Sending syslog to another machine

Rick Stevens ricks at nerd.com
Mon Dec 1 21:43:00 UTC 2008


Bill Davidsen wrote:
> Mikkel L. Ellertson wrote:
>> lanas wrote:
>>> Basically rsyslog works like syslog, but adds a few more options.  So
>>> simply specify the server (and optional port) to start with and make a
>>> few tests by using the logger utility. 
>>> *.* @@remote-host:514
>>>
>>> Replace remote-host with your remote syslog.  514 is the default
>>> well-known syslog port so unless you have set up something else, you
>>> can leave it there.
>>>
>>> Don't forget to restart/reload rsyslog (or any other syslog daemon for
>>> that matter) after doing configuration changes.  This sometimes can be
>>> done by simply sending the daemon a HUP signal:
>>>
>>> killall -HUP daemon
>>>
>>> or by restarting it altogether:
>>>
>>> /etc/init.d/daemon restart
>>>
>>> Hope this helps.
>> Don't forget to configure the host you are logging to so that it
>> will accept logging from an outside machine. By default, it probably
>> doesn't.
>>
> Don't know about the syslog daemon, but it looks as if the firewall 
> rules don't. The good thing about using a syslog machine is that the 
> *times* match, the bad thing is that it's a single point of failure, and 
> network connected as well. So for debugging network issues it's 
> suboptimal.  ;-)

By default, most firewalls don't permit syslog, so you have to open
UDP port 514 on the receiving machine.

Also, both the old syslogd and the newer rsyslogd have to have the "-r"
option specified for them to actually listen to the network (the "-r"
can also have a port number appended, e.g. "-r 514").  Not sure about
ng-syslog, but I suspect the same is true.

On Red Hattish machines, options are passed to the syslog daemon by
values stuffed into the "SYSLOGD_OPTIONS" line of either the
"/etc/sysconfig/syslog" or "/etc/sysconfig/rsyslog" file (depending on
which syslog daemon you're running).  By default, you'll find

	SYSLOGD_OPTIONS="-c 3" (/etc/sysconfig/rsyslog)
	SYSLOGD_OPTIONS="-m 0" (/etc/sysconfig/syslog)

Prepend that with "-r" (e.g. SYSLOGD_OPTIONS="-r -c 3") and then do a
"service syslog restart".  It should start listening to the network.
----------------------------------------------------------------------
- Rick Stevens, Systems Engineer                      ricks at nerd.com -
- AIM/Skype: therps2        ICQ: 22643734            Yahoo: origrps2 -
-                                                                    -
-                       When in doubt, mumble.                       -
----------------------------------------------------------------------
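
Added example, not part of the thread: a shell check that pairs the sender's forwarding rules with the receiver's SYSLOGD_OPTIONS, so the firewall rule and listener match what is actually sent. It assumes rsyslog's forwarding syntax, where "@host" sends over UDP and "@@host" sends over TCP, and that "-r" enables only the UDP listener; the function names and sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example. Sample inputs below are constructed, not from a real host.

# Print "proto host port" for each forwarding action in a syslog config on stdin.
# Covers only the simple @host[:port] / @@host[:port] forms.
forward_targets() {
    sed -e 's/#.*//' | awk '
        NF >= 2 && $2 ~ /^@/ {
            action = $2; proto = "udp"; port = 514
            if (action ~ /^@@/) { proto = "tcp"; sub(/^@@/, "", action) } else { sub(/^@/, "", action) }
            if (split(action, parts, ":") == 2) port = parts[2]
            print proto, parts[1], port
        }'
}

# Succeed if the SYSLOGD_OPTIONS line on stdin carries the -r switch.
receiver_has_r() {
    grep -E '^[[:space:]]*SYSLOGD_OPTIONS=' |
        grep -Eq -- '["[:space:]]-r(["[:space:]0-9]|$)'
}

# $1 = sender config text, $2 = receiver sysconfig text.
check_pair() {
    printf '%s\n' "$1" | forward_targets | while read -r proto host port; do
        if [ "$proto" = tcp ]; then
            echo "MISMATCH $host:$port/tcp: -r and an open UDP port do not receive TCP"
        elif printf '%s\n' "$2" | receiver_has_r; then
            echo "OK $host:$port/udp"
        else
            echo "MISSING-R $host:$port/udp: receiver lacks -r"
        fi
    done
}

CLIENT_CONF='# constructed sender config
*.* @@remote-host:514
authpriv.* @loghost'
RECEIVER_OPTS='SYSLOGD_OPTIONS="-r -c 3"'

check_pair "$CLIENT_CONF" "$RECEIVER_OPTS"
```

A MISMATCH line means the sender rule and the receiver setup disagree on transport: either change the rule to a single "@" or enable a TCP listener and open the TCP port instead.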



